<?php
include('include/config.inc.php');
$pageName = 'changePwd';
if($_SESSION['s_userType'] == 'User')
{
   $authorization = "NoAccess";
   foreach($selUsermenuArr as $value)
   {
     if(in_array($pageName, $value))
       {
         $authorization ="Access";
         break;
       }
       else 
       {
        $authorization = "NoAccess";    
       }
   }
   if($authorization == "NoAccess")
   {
     header("location:index.php");
   }
}
if(!isset($_SESSION['s_activId']))
{
  $_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
  header("Location:checkLogin.php");
}
else
{
  $msg = "";
  if(isset($_POST['oldPassword']))
  {
    $selectQuery = "SELECT password
                      FROM user
                     WHERE userName = '".$_SESSION['s_activId']."'
                       AND password = '".md5($_POST['oldPassword'])."'";
    $selectQueryResult = mysql_query($selectQuery);
    if($afectedAny = mysql_fetch_array($selectQueryResult))
    {
        $afectedAny['password'];
      if($afectedAny['password'] == md5($_POST['oldPassword']))
      {
        $updateQuery = "UPDATE user
                           SET password = '".md5($_POST['newPassword'])."'
                         WHERE userName = '".$_SESSION['s_activId']."'
                           AND password = '".md5($_POST['oldPassword'])."'";
        mysql_query($updateQuery);
        header("Location:./index.php");
      }
      else
        $msg = "Password Not Change";
      }
  }
  include("./bottom.php");
  $smarty->assign("msg",$msg);
  $smarty->display("changePwd.tpl");
}
?>